How hackers can pose as your email contacts to take your cash… and the banks will NOT refund you

Innocent Brits are being conned out of thousands by scammers pretending to be trusted builders and solicitors

BY SOPHIE CHRISTIE, DIGITAL CONSUMER REPORTER

25th January 2017,11:56 am

Updated: 11th October 2017,1:50 pm

UNSUSPECTING Brits are losing thousands of pounds in a sophisticated scam that leaves victims with little or no protection from their bank.

The scam goes like this. Fraudsters infect a customer’s computer with a malicious software that allows criminals to spy on emails sent between them and a contractor (whether it be a builder, solicitor, or even a holiday booking firm).

Fraudsters are targeting people who transfer large amounts of cash by hacking their computers and emails

Hackers then wait until an email is sent from the contractor with their genuine bank details on it, for payment of a deposit or for completed work.

The crooks then send a spoof email to the victim from the supposed contractor with new, fake bank details. They will often say that the first bank details they sent were wrong, or were for an old bank account they no longer use.

Once the payment has been made, the money is quickly drained from the bank account by the fraudsters.

Because the transactions are often to solicitors for house deposits, the sums are large and often make up a person’s life savings.

And the worst thing about it is that banks aren’t liable to pay up when victims lose their money.

In the past banks have said they can’t pay because the mistake lies with the customer.

Banks are obligated to put a stop on the money once they’ve identified it as fraud.

But by the time the case has been assessed it is often too late – the criminals have drained all the cash from the account.

One victim told the Daily Mail he lost almost £4,000 after receiving an email that he thought was from his builder asking for money for materials.

The email had come from his builder’s usual email address, as it had been hacked, so didn’t appear suspicious.

But five days later he discovered his builder’s email account had been hacked and the money had been stolen. Neither his own bank or the bank used by the crook would reimburse him.

Even when victims pick up on the fraud soon after the transaction is made, it is often too late as the fraudsters take the money immediately.

They also often send the scam emails late on a Friday, giving them more time to avoid detection as people are less likely to check their bank accounts over the weekend, and banks are less responsive at this time.

Because of this, the scam is also often dubbed the “Friday afternoon fraud”.

While fraud victims are usually refunded by banks if they aren’t at fault, people who transfer money to a criminal’s account – even if they are unaware that they are doing this – do not have the same protection because banks say the money has been handed over voluntarily.

Holidaymakers have also been duped by this nasty scam, with a report by City of London Police’s National Fraud Intelligence Bureau last year revealing that £11.5million had been stolen by criminals from unsuspecting holidaymakers in 2015.

The scam occurs when families email holiday lettings agencies abroad and hackers intercept their transactions to get the payments sent to their own bank account.

HOW TO MAKE SURE YOU DON'T GET CONNED

AVOID making a payment to someone by email, instead make payments by telephone or in person where possible.

If you do recieve an emailed invoice and have no other way of paying, phone the company or individual you’re sending the money to, to make sure the bank details you have for them are correct.

If you’re transferring a large sum, send £1 first then check that the right person has received that sum before sending the rest of the money

The lettings agencies are none the wiser and the criminals make off with a large chunk of cash. For the holidaymakers, their trip is completely ruined.

Tony Neate, CEO of Get Safe Online, said: “Fraudsters are unfortunately becoming more and more sophisticated, and are now even able to intercept emails or pose as legitimate contacts from our email address books.

“Our advice would be to firstly ensure that your password is fit for purpose. We’d recommend using a password which is made up of random words, numbers and symbols – thus preventing your inbox being compromised in the first place.

“What’s more we’d always recommend that you closely scrutinise emails that ask you for personal details, and particularly those that ask for payments – even if these are from trusted contacts like banks or solicitors.

“If you’re unsure if an email requesting payment is genuine or not, why not call the company that has sent you the email and check. What’s more you could also try and arrange an alternative way of making your payment if the request has been made by a reputable organisation – thus ensuring that any transactions are steered clear of your emails altogether.

Have you fallen victim to an email scam like this? Email me at sophie.christie@thesun.co.ukor call 0207 782 4394